Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1455-1
HistoryJan 08, 2008 - 12:00 a.m.

libarchive

2008-01-0800:00:00
Google
osv.dev
12

0.104 Low

EPSS

Percentile

95.0%

JSON

Several local/remote vulnerabilities have been discovered in libarchive1,
a single library to read/write tar, cpio, pax, zip, iso9660 archives.
The Common Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2007-3641
    It was discovered that libarchive1 would miscompute the length of a buffer
    resulting in a buffer overflow if yet another type of corruption occurred
    in a pax extension header.
  • CVE-2007-3644
    It was discovered that if an archive prematurely ended within a pax
    extension header the libarchive1 library could enter an infinite loop.
  • CVE-2007-3645
    If an archive prematurely ended within a tar header, immediately following
    a pax extension header, libarchive1 could dereference a NULL pointer.

The old stable distribution (sarge), does not contain this package.

For the stable distribution (etch), these problems have been fixed in
version 1.2.53-2etch1.

For the unstable distribution (sid), these problems have been fixed in
version 2.2.4-1.

We recommend that you upgrade your libarchive package.

Related

openvas 6
nessus 3
freebsd_advisory 1
debian 1
securityvulns 2
gentoo 1
prion 3
debiancve 3
cve 3
cvelist 3
nvd 3
ubuntucve 3
cert 1
kitploit 1
openvas
openvas
Debian Security Advisory DSA 1455-1 (libarchive1)
2008-01-17 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-07:05.libarchive.asc)
2008-09-04 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-07:05.libarchive.asc)
2008-09-04 00:00:00
nessus
nessus
openSUSE 10 Security Update : libarchive (libarchive-3982)
2007-10-17 00:00:00
Debian DSA-1455-1 : libarchive - denial of service
2008-01-10 00:00:00
GLSA-200708-03 : libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities
2007-08-13 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-07:05.libarchive
2007-07-12 00:00:00
debian
debian
[SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems
2008-01-08 20:29:10
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-07:05.libarchive
2007-07-13 00:00:00
libarchive multiple security vulnerabilities
2007-07-13 00:00:00
gentoo
gentoo
libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities
2007-08-08 00:00:00
prion
prion
Null pointer dereference
2007-07-15 21:30:00
Design/Logic Flaw
2007-07-14 00:30:00
Buffer overflow
2007-07-14 00:30:00
debiancve
debiancve
CVE-2007-3645
2007-07-15 21:30:00
CVE-2007-3644
2007-07-14 00:30:00
CVE-2007-3641
2007-07-14 00:30:00
cve
cve
CVE-2007-3645
2007-07-15 21:30:00
CVE-2007-3644
2007-07-14 00:30:00
CVE-2007-3641
2007-07-14 00:30:00
cvelist
cvelist
CVE-2007-3645
2007-07-15 21:00:00
CVE-2007-3644
2007-07-14 00:00:00
CVE-2007-3641
2007-07-14 00:00:00
nvd
nvd
CVE-2007-3645
2007-07-15 21:30:00
CVE-2007-3644
2007-07-14 00:30:00
CVE-2007-3641
2007-07-14 00:30:00
ubuntucve
ubuntucve
CVE-2007-3645
2007-07-15 00:00:00
CVE-2007-3644
2007-07-14 00:00:00
CVE-2007-3641
2007-07-14 00:00:00
cert
cert
libarchive does not properly terminate loop
2008-03-20 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00

0.104 Low

EPSS

Percentile

95.0%

JSON
Related for OSV:DSA-1455-1
openvas6nessus3freebsd_advisory1debian1securityvulns2gentoo1prion3debiancve3cve3cvelist3nvd3ubuntucve3cert1kitploit1